What is CUDA?
CUDA is NVIDIA's “Compute Unified Device Architecture” and is particularly useful to the forensic community for brute force password cracking. This specialized CUDA platform is capable of about 4.769 TeraFlops of performance (4769 GigaFlops). NVIDIA CUDA technology leverages the massive parallel processing power of NVIDIA GPUs. The CUDA architecture is a revolutionary parallel computing architecture that delivers the performance of NVIDIA's world-renowned graphics processor technology to general purpose GPU Computing. Applications that run on the CUDA architecture can take advantage of an installed base of over one hundred million CUDA-enabled GPUs in desktop and notebook computers, professional workstations, and supercomputer clusters.
With the CUDA architecture and tools, developers are achieving dramatic speedups in fields such as medical imaging and natural resource exploration, and creating breakthrough applications in areas such as image recognition and real-time HD video playback and encoding. CUDA enables this unprecedented performance via standard APIs such as the soon to be released OpenCL™ and DirectX® Compute, and high level programming languages such as C/C++, Fortran, Java, Python, and the Microsoft .NET Framework.
What is the Forensic Application?
Not all Forensic applications will benefit from this massive amount of computational power. One major application that will, however, is brute force password recovery. By employing Elcomsoft's Distributed Password Recovery (EDPR), the CUDA platform can be used to dramatically accelerate brute force password recovery. Elcomsoft Distributed Password Recovery employs a revolutionary, patent pending technology to accelerate password recovery when a compatible NVIDIA graphics card is present in addition to the CPU-only mode. The acceleration technology offloads parts of computational-heavy processing onto the fast and highly scalable processors featured in the NVIDIA's latest graphic accelerators. Additionally, EDPR also operates in a distributed environment where multiple workstations can work together to distribute the workload of a single task. Currently. EDPR supports the following file and password formats (GPU accelerated as noted):
- GPU Accelerated - Microsoft Word/Excel/PowerPoint/Project 2007 (.DOCX, .XLSX, .PPTX, .MSPX) (password recovery - "open" password only).
- Microsoft Word/Excel/PowerPoint XP/2003 (.DOC, .XLS, .PPT) (password recovery - "open" password only).
- Microsoft Word/Excel 97/2000 (.DOC, .XLS) (password recovery - "open" password only).
- Microsoft Word/Excel 97/2000 (.DOC, .XLS) (guaranteed decryption).
- Microsoft Money (password recovery).
- Microsoft OneNote (password recovery).
- OpenDocument (ODF): documents, spreadsheets, presentations, graphics/drawing, formulae (password recovery).
- GPU Accelerated - PGP disks with conventional encryption (.PGD), whole disk encryption.
- PGP zip archives (.PGP), self-decrypting archives (.EXE), secret key rings (.SKR) (password/passphrase recovery).
- Personal Information Exchange certificates - PKCS #12 (.PFX, .P12) (password recovery).
- Adobe Acrobat PDF files ("user" and "owner" password recovery).
- Adobe Acrobat PDF files with 40-bit encryption (guaranteed decryption).
- GPU Accelerated - Windows NT/2000/XP/2003/Vista logon passwords (LM/NTLM) (password recovery).
- Windows SYSKEY startup passwords (password recovery).
- GPU Accelerated - Windows DCC (Domain Cached Credentials) passwords (password recovery).
- UNIX users' passwords (password audit/recovery).
- Intuit Quicken (.QDF) (password recovery).
- Lotus Notes ID files (password recovery).
- GPU Accelerated - MD5 hashes (plaintext recovery).
- Oracle users' passwords (password audit/recovery).
- GPU Accelerated - WPA and WPA2 passwords (password recovery).
- TheBat! master passwords (masterkey.dat) and passwords to backups (*.tbk).
Elcomsoft continues to work to provide additional GPU Acceleration for many of the file formats which are not already capable. Digital Intelligence has been working with Elcomsoft to identify customer requirements and further this endeavor. Each FRED-SC SuperComputer comes bundled with a license for Elcomsoft's EDPR which can be run in a distributed environment of up to 20 workstations (with, or without, CUDA capabilities).
FRED SC EDPR Super Computer Password Performance
Listed below are the benchmarks from the older GTX295 cards. The new GTX480 cards have shown us a 45% speed improvement over the previous cards.
Baseline FRED SC Specifications
- 23 3/4" High, 8 3/8" Wide, 25 1/4" Deep - 100 lbs
- ATX Server Case: 12 x 5¼", 1100W Modular Power Supply
- i7 Motherboard with Intel X58 / ICH10R Chipset
- Intel i7 920 Extreme Edition CPU (Quad Processor), 2.66 Ghz, 8M Cache, 4.80 GT/s Intel® QPI
- 4xPCI-Express 2.0 (x16), 3xPCI Slots
- 12 GB DDR3-1333 Triple Channel Memory
- 4 x NVIDIA GTX-280 Water Cooled Video Cards. 1 GPU each with 480 Stream Processors per GPU and 1536 MB Memory per card.
- Dual 10/100/1000 Mbs Gigabit Ethernet Network Adapters
- 8 Channel High Definition Audio Controller
- 6 Ports (6 Drives) Primary 3.0 Gb/s Serial ATA (SATA) Controller (RAID Capable)
- 1 Powered eSATA/USB Connector
- 1 PS/2 Keyboard Port
- 1 PS/2 Mouse Port
- 1 FireWire IEEE 1394a (400 MB/s) Port
- 1 x 150 Gb 10,000 RPM 3.0 Gb/s SATA Hard Drive in Shock-Mounted Tray – OS Drive
- 1 x 1.5 Tb 7200 RPM 3.0 Gb/s SATA Hard Drive in Shock-Mounted Tray – Data Drive
- 3 x Native Shock Mounted SATA Removable Hard Drive Bays
- BD-R/BD-RE/DVD ± RW/CD ± RW Blu-ray Burner Dual-Layer Combo Drive
- Wireless 104 Key Microsoft Keyboard
- Wireless Microsoft Intellimouse
- 22" Widescreen LCD Monitor with Built-in Speakers
Software
- Microsoft Windows 98SE Standalone DOS (Pre-Installed & Configured)
- Microsoft Windows XP Pro (Pre-Installed & Configured)
- NVIDIA CUDA
|
